Page 1 of 1

Zimbra (OCS) ignores MX record?

Posted: Tue Nov 06, 2012 3:28 pm
by cjm51213
Hi Folks,
I have a Zimbra 8 (OCS) server, and it is hosting a few domains. One domain is "unimplemented", meaning I have not defined any users except "admin" and two aliases "root", and "sa". This domain, "tclc.org" is the "natural" domain on my subnet, meaning all the machines are members of this domain.
I also have an Exchange Server that I am vacating and is currently handling mail for TCLC.org. This Exchange Server has a public IP, not on my subnet. There are TWO MX records for the TCLC.org domain, one out in the world at large pointing to the public IP for TCLC.org and one on my local DNS server pointing to exactly the same address.
If I am authenticated on Zimbra as a user of one of the other domains, and I send a message to members of TCLC.org, the correct behavior is for Zimbra to seek the MX record, which identifies a server somewhere else, and forward to that server, which would be the Exchange server, but Zimbra thinks he owns the TCLC.org domain, and bounces the mail because there is no user defined, unless I am sending to one of the three. I think this only happens because Zimbra is lazy and making an assumption that is either unwarranted or misconfigured, and that is because he knows about the TCLC.org domain, he, therefore has no need to fetch the MX record.
It this bit of bad behavior configurable or is it a bug?
Thanks for the help,
Chris.

Zimbra (OCS) ignores MX record?

Posted: Wed Nov 07, 2012 1:01 am
by phoenix
[quote user="cjm51213"]If I am authenticated on Zimbra as a user of one of the other domains, and I send a message to members of TCLC.org, the correct behavior is for Zimbra to seek the MX record, which identifies a server somewhere else, and forward to that server, which would be the Exchange server, but Zimbra thinks he owns the TCLC.org domain, and bounces the mail because there is no user defined, unless I am sending to one of the three. I think this only happens because Zimbra is lazy and making an assumption that is either unwarranted or misconfigured, and that is because he knows about the TCLC.org domain, he, therefore has no need to fetch the MX record.[/QUOTE]Go to the wiki (or search the forums) and read the article on Split Domain.

Zimbra (OCS) ignores MX record?

Posted: Wed Nov 07, 2012 10:04 am
by cjm51213
Hi Bill,
I don't think "Split Domains" applies. Under no circumstances should any mail for TCLC.org be directed to Zimbra, and the only time it does happen, is when the mail originates from a domain co-hosted on the Zimbra server. Zimbra is not retrieving the MX record for domains that he knows.
Thanks for the help,
Chris.

Zimbra (OCS) ignores MX record?

Posted: Wed Nov 07, 2012 6:44 pm
by GreenGumby
I had a feeling this is standard behavour for postfix. If postfix is configured for that domain, it won't bother checking for mx records as it assumes it is controlling that domain.
You may have more luck googling for the issues as a postfix problem.

Zimbra (OCS) ignores MX record?

Posted: Thu Nov 08, 2012 11:07 am
by Klug
It is postfix related, not ZCS specific.

That's why you should either use split-domain or rename the domain to something else, do the provisioning/tests then rename it.

Zimbra (OCS) ignores MX record?

Posted: Thu Nov 08, 2012 12:12 pm
by cjm51213
Hi Klug,
I agree that it is Postfix and therefore not specifically zcs related. You suggest I do the provisioning/tests and rename. I assume I get the renaming opportunity during the provisioning/tests. I also assume there is a script like install.sh which will run the provisioning/tests. Am I right in my assumptions? How do I run the provisioning/tests?
This domain is the initial domain as configured during install.sh. In my mind, that makes it special, but "believe it so" does not "make it so", so I have to ask, "Is the initial domain created as a result of install.sh special in any way?"
Thanks for the help,
Chris.

Zimbra (OCS) ignores MX record?

Posted: Sat Nov 10, 2012 6:46 am
by Klug
During the setup process, you should use a "non production domain", like the FQDN of the server.

So all the administrative accounts (ham, spam, admin, etc) are in this "non production" domain and there's no impact on production what ever you do with them.
I agree this is not documented enough 8(